Or how about this detailed overview of how an API passes credentials around in the URL after storing them in clear text and making a vain attempt to thwart SQL injection. Yep.

I recently caught up with Greg Shackles of the Gone Mobile Podcast and we spoke about a heap of these security anti-patterns in mobile APIs. This is off the back of my latest Pluralsight course, Hack Your API First, so if you want to know what that’s all about, the podcast will give you a really good sense of why it’s important. You can find the podcast on Gone Mobile’s site or listen to it directly here: